Traditional antivirus software that uses signatures to detect malware offers limited protection for uncharacterized threats (known as 0-day exploits). Malware is software that is designed to infiltrate or damage a computer system without the informed consent of a user or administrator. Malware includes computer viruses, worms, Trojan horses, rootkits, spyware, adware, crimeware (a class of malware designed to automate financial or political crime), and other dishonest or unwanted software. Such antivirus software typically does not detect or remove malware until a signature for the malware has been written and distributed to the antivirus software. This delay poses a serious threat for computer systems.
Heuristic engines have been developed by antivirus vendors to detect malware without using signatures. However, these heuristic engines usually examine how potential malware interacts with the operating system on which they operate (e.g., hooking application programming interfaces (APIs), injecting code, modifying registry keys, etc. These heuristic engines often analyze the code of the potential malware to determine if the actions that it takes are typical of malware. Conventional antivirus heuristic engines typically do not have any information regarding whether data contains confidential information, nor do conventional heuristic engines typically analyze how potential malware behaves with regards to confidential information.